[BUG] Constant recreation of DNS records (CloudFlare) if ingress-nginx has multiple hosts #5884
Description
What happened:
Constant recreation of DNS records (CloudFlare) if ingress-nginx has multiple hosts:
time="2025-10-02T19:37:14Z" level=info msg="Changing record." action=DELETE record=llm2.example.com ttl=300 type=A zone=c1f6c1613ec42a2ce8e16cc5c3b8f9c8
time="2025-10-02T19:37:15Z" level=info msg="Changing record." action=DELETE record=llm1.example.com ttl=300 type=A zone=c1f6c1613ec42a2ce8e16cc5c3b8f9c8
time="2025-10-02T19:37:15Z" level=info msg="Changing record." action=DELETE record=gptoss120b-qwen3emb8b.example.com ttl=300 type=A zone=c1f6c1613ec42a2ce8e16cc5c3b8f9c8
time="2025-10-02T19:37:16Z" level=info msg="Changing record." action=DELETE record=a-llm2.example.com ttl=1 type=TXT zone=c1f6c1613ec42a2ce8e16cc5c3b8f9c8
time="2025-10-02T19:37:16Z" level=info msg="Changing record." action=DELETE record=a-llm1.example.com ttl=1 type=TXT zone=c1f6c1613ec42a2ce8e16cc5c3b8f9c8
time="2025-10-02T19:37:17Z" level=info msg="Changing record." action=DELETE record=a-gptoss120b-qwen3emb8b.example.com ttl=1 type=TXT zone=c1f6c1613ec42a2ce8e16cc5c3b8f9c8
time="2025-10-02T19:38:15Z" level=info msg="Changing record." action=CREATE record=gptoss120b-qwen3emb8b.example.com ttl=1 type=A zone=c1f6c1613ec42a2ce8e16cc5c3b8f9c8
time="2025-10-02T19:38:16Z" level=info msg="Changing record." action=CREATE record=llm2.example.com ttl=1 type=A zone=c1f6c1613ec42a2ce8e16cc5c3b8f9c8
time="2025-10-02T19:38:16Z" level=info msg="Changing record." action=CREATE record=llm1.example.com ttl=1 type=A zone=c1f6c1613ec42a2ce8e16cc5c3b8f9c8
time="2025-10-02T19:38:17Z" level=info msg="Changing record." action=CREATE record=a-gptoss120b-qwen3emb8b.example.com ttl=1 type=TXT zone=c1f6c1613ec42a2ce8e16cc5c3b8f9c8
time="2025-10-02T19:38:17Z" level=info msg="Changing record." action=CREATE record=a-llm2.example.com ttl=1 type=TXT zone=c1f6c1613ec42a2ce8e16cc5c3b8f9c8
time="2025-10-02T19:38:17Z" level=info msg="Changing record." action=CREATE record=a-llm1.example.com ttl=1 type=TXT zone=c1f6c1613ec42a2ce8e16cc5c3b8f9c8
time="2025-10-02T19:39:15Z" level=info msg="All records are already up to date"
time="2025-10-02T19:40:15Z" level=info msg="All records are already up to date"
time="2025-10-02T19:41:16Z" level=info msg="All records are already up to date"
time="2025-10-02T19:42:17Z" level=info msg="Changing record." action=DELETE record=llm2.example.com ttl=1 type=A zone=c1f6c1613ec42a2ce8e16cc5c3b8f9c8
time="2025-10-02T19:42:18Z" level=info msg="Changing record." action=DELETE record=gptoss120b-qwen3emb8b.example.com ttl=1 type=A zone=c1f6c1613ec42a2ce8e16cc5c3b8f9c8
time="2025-10-02T19:42:18Z" level=info msg="Changing record." action=DELETE record=llm1.example.com ttl=1 type=A zone=c1f6c1613ec42a2ce8e16cc5c3b8f9c8
time="2025-10-02T19:42:19Z" level=info msg="Changing record." action=DELETE record=a-llm2.example.com ttl=1 type=TXT zone=c1f6c1613ec42a2ce8e16cc5c3b8f9c8
time="2025-10-02T19:42:19Z" level=info msg="Changing record." action=DELETE record=a-gptoss120b-qwen3emb8b.example.com ttl=1 type=TXT zone=c1f6c1613ec42a2ce8e16cc5c3b8f9c8
time="2025-10-02T19:42:20Z" level=info msg="Changing record." action=DELETE record=a-llm1.example.com ttl=1 type=TXT zone=c1f6c1613ec42a2ce8e16cc5c3b8f9c8
time="2025-10-02T19:43:18Z" level=info msg="Records cache provider: refreshing records list cache"
time="2025-10-02T19:43:19Z" level=info msg="Changing record." action=CREATE record=llm1.example.com ttl=1 type=A zone=c1f6c1613ec42a2ce8e16cc5c3b8f9c8
time="2025-10-02T19:43:20Z" level=info msg="Changing record." action=CREATE record=gptoss120b-qwen3emb8b.example.com ttl=1 type=A zone=c1f6c1613ec42a2ce8e16cc5c3b8f9c8
time="2025-10-02T19:43:20Z" level=info msg="Changing record." action=CREATE record=llm2.example.com ttl=1 type=A zone=c1f6c1613ec42a2ce8e16cc5c3b8f9c8
time="2025-10-02T19:43:20Z" level=info msg="Changing record." action=CREATE record=a-llm1.example.com ttl=1 type=TXT zone=c1f6c1613ec42a2ce8e16cc5c3b8f9c8
time="2025-10-02T19:43:21Z" level=info msg="Changing record." action=CREATE record=a-gptoss120b-qwen3emb8b.example.com ttl=1 type=TXT zone=c1f6c1613ec42a2ce8e16cc5c3b8f9c8
time="2025-10-02T19:43:21Z" level=info msg="Changing record." action=CREATE record=a-llm2.example.com ttl=1 type=TXT zone=c1f6c1613ec42a2ce8e16cc5c3b8f9c8
Ingress-nginx manifest:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/proxy-connect-timeout: "300"
nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
nginx.ingress.kubernetes.io/proxy-body-size: 200m
nginx.ingress.kubernetes.io/proxy-buffering: "off"
nginx.ingress.kubernetes.io/proxy-request-buffering: "off"
nginx.ingress.kubernetes.io/rewrite-target: /$2
nginx.ingress.kubernetes.io/use-regex: "true"
name: gptoss120b-qwen3emb8b
namespace: models
spec:
ingressClassName: nginx
rules:
- host: gptoss120b-qwen3emb8b.example.com
http:
paths:
- backend:
service:
name: gptoss120b-qwen3emb8b-predictor
port:
number: 80
path: /gptoss120b(/|$)(.*)
pathType: ImplementationSpecific
- backend:
service:
name: gptoss120b-qwen3emb8b-predictor
port:
number: 81
path: /qwen3emb8b(/|$)(.*)
pathType: ImplementationSpecific
- host: llm1.example.com
http:
paths:
- backend:
service:
name: gptoss120b-qwen3emb8b-predictor
port:
number: 80
path: /
pathType: Prefix
- host: llm2.example.com
http:
paths:
- backend:
service:
name: gptoss120b-qwen3emb8b-predictor
port:
number: 81
path: /
pathType: Prefix
tls:
- hosts:
- gptoss120b-qwen3emb8b.example.com
- llm1.example.com
- llm2.example.com
secretName: gptoss120b-qwen3emb8b-ingress-tls
Ingress-nginx args (--update-status-on-shutdown=false):
Args:
/nginx-ingress-controller
--default-backend-service=$(POD_NAMESPACE)/ingress-nginx-defaultbackend
--publish-service=$(POD_NAMESPACE)/ingress-nginx-controller
--election-id=ingress-nginx-leader
--controller-class=k8s.io/ingress-nginx
--ingress-class=nginx
--configmap=$(POD_NAMESPACE)/ingress-nginx-controller
--validating-webhook=:8443
--validating-webhook-certificate=/usr/local/certificates/cert
--validating-webhook-key=/usr/local/certificates/key
--enable-ssl-passthrough
--update-status-on-shutdown=false
If I create a separate ingress for each host, there are no problems:
time="2025-10-02T21:09:11Z" level=info msg="All records are already up to date"
time="2025-10-02T21:10:12Z" level=info msg="All records are already up to date"
time="2025-10-02T21:11:13Z" level=info msg="All records are already up to date"
time="2025-10-02T21:12:13Z" level=info msg="All records are already up to date"
time="2025-10-02T21:13:14Z" level=info msg="All records are already up to date"
time="2025-10-02T21:14:14Z" level=info msg="Records cache provider: refreshing records list cache"
time="2025-10-02T21:14:15Z" level=info msg="All records are already up to date"
time="2025-10-02T21:15:15Z" level=info msg="All records are already up to date"
time="2025-10-02T21:16:15Z" level=info msg="All records are already up to date"
time="2025-10-02T21:17:16Z" level=info msg="All records are already up to date"
time="2025-10-02T21:18:17Z" level=info msg="All records are already up to date"
time="2025-10-02T21:19:17Z" level=info msg="All records are already up to date"
time="2025-10-02T21:20:17Z" level=info msg="All records are already up to date"
time="2025-10-02T21:21:17Z" level=info msg="All records are already up to date"
time="2025-10-02T21:22:18Z" level=info msg="All records are already up to date"
time="2025-10-02T21:23:19Z" level=info msg="All records are already up to date"
time="2025-10-02T21:24:20Z" level=info msg="All records are already up to date"
time="2025-10-02T21:25:20Z" level=info msg="All records are already up to date"
time="2025-10-02T21:26:20Z" level=info msg="All records are already up to date"
time="2025-10-02T21:27:21Z" level=info msg="All records are already up to date"
time="2025-10-02T21:28:21Z" level=info msg="All records are already up to date"
time="2025-10-02T21:29:21Z" level=info msg="Records cache provider: refreshing records list cache"
time="2025-10-02T21:29:22Z" level=info msg="All records are already up to date"
time="2025-10-02T21:30:22Z" level=info msg="All records are already up to date"
time="2025-10-02T21:31:23Z" level=info msg="All records are already up to date"
time="2025-10-02T21:32:24Z" level=info msg="All records are already up to date"
time="2025-10-02T21:33:25Z" level=info msg="All records are already up to date"
time="2025-10-02T21:34:26Z" level=info msg="All records are already up to date"
time="2025-10-02T21:35:26Z" level=info msg="All records are already up to date"
time="2025-10-02T21:36:27Z" level=info msg="All records are already up to date"
time="2025-10-02T21:37:28Z" level=info msg="All records are already up to date"
time="2025-10-02T21:38:29Z" level=info msg="All records are already up to date"
time="2025-10-02T21:39:29Z" level=info msg="All records are already up to date"
time="2025-10-02T21:40:30Z" level=info msg="All records are already up to date"
time="2025-10-02T21:41:31Z" level=info msg="All records are already up to date"
time="2025-10-02T21:42:31Z" level=info msg="All records are already up to date"
time="2025-10-02T21:43:31Z" level=info msg="All records are already up to date"
time="2025-10-02T21:44:32Z" level=info msg="Records cache provider: refreshing records list cache"
time="2025-10-02T21:44:33Z" level=info msg="All records are already up to date"
What you expected to happen:
Records should not be recreated.
Environment:
- External-DNS version (use
external-dns --version): v0.19.0 - DNS provider: CloudFlare
- Others: Kubernetes v1.32